My problem is that my application can authenticate, but authorization is not working: I get the JSP page that tells me I cannot access the page because I am not authorized. I am using JBoss 5.0.1GA with JDK 6. These are the steps I followed:
1-First i changed my jboss-web.xml :

<?xml version="1.0" encoding="UTF-8" ?>
<!-- NOTE(review): the name after java:/jaas/ selects the application-policy
     in login-config.xml. It matches the "smsJAAS" policy shown in step 2. -->
<jboss-web>
  <security-domain>java:/jaas/smsJAAS</security-domain>
  <context-root>/jtk_SENIC</context-root>
</jboss-web>

2-i set another application-policy in the file /server/default/conf/login-config.xml:

<?xml version="1.0" ?>
<!-- The XML based JAAS login configuration read by the
     org.jboss.security.auth.login.XMLLoginConfig mbean. Add
     an application-policy element for each security domain.

     The outline of the application-policy is:
     <application-policy name="security-domain-name">
       <authentication>
         <login-module code="login.module1.class.name" flag="control_flag">
           <module-option name = "option1-name">option1-value</module-option>
           <module-option name = "option2-name">option2-value</module-option>
           ...
         </login-module>

         <login-module code="login.module2.class.name" flag="control_flag">
           ...
         </login-module>
         ...
       </authentication>
     </application-policy>

     $Id: login-config.xml 76444 2008-07-29 23:50:53Z sguil...@redhat.com $
     $Revision: 76444 $
-->
<policy>
  <!-- Used by clients within the application server VM such as
       mbeans and servlets that access EJBs.
  -->

  <!-- NOTE(review): authentication and authorization use separate queries.
       principalsQuery only supplies the password to compare; the role names
       that the auth-constraint entries in web.xml are checked against come
       from rolesQuery. A login that succeeds and then lands on the 403 page
       most likely means the roles returned here matched no role-name in the
       constraint. Verify that usuarios_v.nomgrupous holds exactly the strings
       declared in web.xml (mensajes, suscriptores, promotores, categorias,
       envio_directo, perfiles, adming): same case, and no trailing padding
       from a fixed-width column. TRACE logging for the org.jboss.security
       category shows which roles the module assigned. -->
  <!-- NOTE(review): no hashAlgorithm option is set, so the value returned by
       principalsQuery is compared with the submitted password as is. That
       implies usuarios_v.contrasena holds clear-text passwords; storing a
       hash and setting hashAlgorithm / hashEncoding avoids that. -->
  <!-- NOTE(review): unauthenticatedIdentity makes a request that presents no
       username and password run as principal "guest" instead of failing the
       login. Drop the option if anonymous callers are not wanted. -->
  <application-policy name="smsJAAS">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
        <module-option name="unauthenticatedIdentity">guest</module-option>
        <module-option name="dsJndiName">java:/smsactjndi</module-option>
        <module-option name="principalsQuery">SELECT contrasena FROM usuarios_v WHERE nomusuario=?</module-option>
        <module-option name="rolesQuery">SELECT nomgrupous, 'Roles' FROM usuarios_v WHERE nomusuario=?</module-option>
      </login-module>
    </authentication>
  </application-policy>

  <application-policy name="client-login">
    <authentication>
      <login-module code="org.jboss.security.ClientLoginModule" flag="required">
        <!-- Any existing security context will be restored on logout -->
        <module-option name="restore-login-identity">true</module-option>
      </login-module>
    </authentication>
  </application-policy>

  <!-- Security domains for testing new jca framework -->
  <!-- NOTE(review): the two policies below carry fixed credentials in this
       file (sa with an empty password, guest/guest). They look like the
       entries shipped with the server; review them before the server is
       exposed beyond a development machine. -->
  <application-policy name="HsqlDbRealm">
    <authentication>
      <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
        <module-option name="principal">sa</module-option>
        <module-option name="userName">sa</module-option>
        <module-option name="password" />
        <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
      </login-module>
    </authentication>
  </application-policy>

  <application-policy name="JmsXARealm">
    <authentication>
      <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
        <module-option name="principal">guest</module-option>
        <module-option name="userName">guest</module-option>
        <module-option name="password">guest</module-option>
        <module-option name="managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
      </login-module>
    </authentication>
  </application-policy>

  <!-- A template configuration for the jmx-console web application. This
       defaults to the UsersRolesLoginModule the same as other and should be
       changed to a stronger authentication mechanism as required.
  -->
  <application-policy name="jmx-console">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
        <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
        <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
      </login-module>
    </authentication>
  </application-policy>

  <!-- A template configuration for the web-console web application. This
       defaults to the UsersRolesLoginModule the same as other and should be
       changed to a stronger authentication mechanism as required.
  -->
  <application-policy name="web-console">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
        <module-option name="usersProperties">web-console-users.properties</module-option>
        <module-option name="rolesProperties">web-console-roles.properties</module-option>
      </login-module>
    </authentication>
  </application-policy>

  <!-- A template configuration for the JBossWS security domain.
       This defaults to the UsersRolesLoginModule the same as other and should be
       changed to a stronger authentication mechanism as required.
  -->
  <application-policy name="JBossWS">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
        <module-option name="usersProperties">props/jbossws-users.properties</module-option>
        <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
        <module-option name="unauthenticatedIdentity">anonymous</module-option>
      </login-module>
    </authentication>
  </application-policy>

  <!-- The default login configuration used by any security domain that
       does not have an application-policy entry with a matching name
  -->
  <application-policy name="other">
    <!-- A simple server login module, which can be used when the number
         of users is relatively small. It uses two properties files:
         users.properties, which holds users (key) and their password (value).
         roles.properties, which holds users (key) and a comma-separated list of
         their roles (value).
         The unauthenticatedIdentity property defines the name of the principal
         that will be used when a null username and password are presented as is
         the case for an unauthenticated web client or MDB. If you want to
         allow such users to be authenticated add the property, e.g.,
         unauthenticatedIdentity="nobody"
    -->
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required" />
    </authentication>
  </application-policy>
</policy>

3- configuring my web xml with security constraints:

<?xml version="1.0" encoding="UTF-8" ?>
<web-app version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <!-- Name of the persistence unit for JToolkitFW -->
  <!-- NOTE(review): the three context-param entries below are each declared
       twice with the same values. -->
  <!-- NOTE(review): STATE_SAVING_METHOD=client serializes the JSF view state
       into the page and reads it back from the browser. Confirm that the JSF
       implementation in use encrypts and integrity-protects that state, or
       switch to server-side state saving. -->
  <context-param>
    <param-name>com.sun.faces.verifyObjects</param-name>
    <param-value>false</param-value>
  </context-param>
  <context-param>
    <param-name>com.sun.faces.validateXml</param-name>
    <param-value>true</param-value>
  </context-param>
  <context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>client</param-value>
  </context-param>
  <context-param>
    <param-name>com.sun.faces.verifyObjects</param-name>
    <param-value>false</param-value>
  </context-param>
  <context-param>
    <param-name>com.sun.faces.validateXml</param-name>
    <param-value>true</param-value>
  </context-param>
  <context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>client</param-value>
  </context-param>

  <env-entry>
    <env-entry-name>jndi_pool</env-entry-name>
    <env-entry-type>java.lang.String</env-entry-type>
    <env-entry-value>jndi/smsact</env-entry-value>
  </env-entry>

  <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    <!-- Each role-link below points at a security-role of the same name
         declared at the end of this file. -->
    <security-role-ref>
      <description />
      <role-name>suscriptores</role-name>
      <role-link>suscriptores</role-link>
    </security-role-ref>
    <security-role-ref>
      <description />
      <role-name>promotores</role-name>
      <role-link>promotores</role-link>
    </security-role-ref>
    <security-role-ref>
      <description />
      <role-name>mensajes</role-name>
      <role-link>mensajes</role-link>
    </security-role-ref>
    <security-role-ref>
      <description />
      <role-name>categorias</role-name>
      <role-link>categorias</role-link>
    </security-role-ref>
    <security-role-ref>
      <description />
      <role-name>envio_directo</role-name>
      <role-link>envio_directo</role-link>
    </security-role-ref>
    <security-role-ref>
      <description />
      <role-name>perfiles</role-name>
      <role-link>perfiles</role-link>
    </security-role-ref>
    <security-role-ref>
      <description>adming</description>
      <role-name>adming</role-name>
      <role-link>adming</role-link>
    </security-role-ref>
  </servlet>

  <!-- #Security constraints -->
  <!-- NOTE(review): this page is served on HTTP 403, i.e. when the caller is
       authenticated but holds none of the roles in the matching
       auth-constraint. -->
  <error-page>
    <error-code>403</error-code>
    <location>/error/acceso_denegado.jsp</location>
  </error-page>

  <!-- NOTE(review): a web-resource-collection that lists http-method elements
       applies only to the listed methods; a request made with any other
       method is not constrained. Leaving out every http-method element makes
       the constraint cover all methods. The same seven-method list is
       repeated in every collection below. -->
  <!-- NOTE(review): only the exact /faces/NAME.jsp paths named in these
       constraints are protected. As far as this file shows, any other view
       reachable through the /faces/* mapping, and the same JSPs requested
       without the /faces/ prefix, fall outside every constraint. -->
  <security-constraint>
    <display-name>principal</display-name>
    <web-resource-collection>
      <web-resource-name>principal</web-resource-name>
      <description />
      <url-pattern>/faces/principal.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>mensajes</role-name>
      <role-name>suscriptores</role-name>
      <role-name>promotores</role-name>
      <role-name>categorias</role-name>
      <role-name>envio_directo</role-name>
      <role-name>perfiles</role-name>
      <role-name>adming</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- #Roles -->
  <security-constraint>
    <display-name>grabador de suscriptores</display-name>
    <web-resource-collection>
      <web-resource-name>categ_susc</web-resource-name>
      <description />
      <url-pattern>/faces/categ_susc.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <web-resource-collection>
      <web-resource-name>suscriptores</web-resource-name>
      <description />
      <url-pattern>/faces/suscriptores.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description />
      <role-name>suscriptores</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <display-name>grabador de mensajes</display-name>
    <web-resource-collection>
      <web-resource-name>mensajes</web-resource-name>
      <description />
      <url-pattern>/faces/mensajes.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description />
      <role-name>mensajes</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <display-name>envio directo</display-name>
    <web-resource-collection>
      <web-resource-name>envio_directo</web-resource-name>
      <description />
      <url-pattern>/faces/envio_directo.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description />
      <role-name>envio_directo</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <display-name>promotores</display-name>
    <web-resource-collection>
      <web-resource-name>promotores</web-resource-name>
      <description />
      <url-pattern>/faces/promotores.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description />
      <role-name>promotores</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <display-name>categorias</display-name>
    <web-resource-collection>
      <web-resource-name>categorias</web-resource-name>
      <description />
      <url-pattern>/faces/categorias.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description />
      <role-name>categorias</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <display-name>perfiles</display-name>
    <web-resource-collection>
      <web-resource-name>perfiles</web-resource-name>
      <description />
      <url-pattern>/faces/grupos.jsp</url-pattern>
      <url-pattern>/faces/idiomas.jsp</url-pattern>
      <url-pattern>/faces/entidades.jsp</url-pattern>
      <url-pattern>/faces/sol_informacion.jsp</url-pattern>
      <url-pattern>/faces/usuarios.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description />
      <role-name>perfiles</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <display-name>adming</display-name>
    <web-resource-collection>
      <web-resource-name>entidades</web-resource-name>
      <description />
      <url-pattern>/faces/entidadest.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <web-resource-collection>
      <web-resource-name>usuariost</web-resource-name>
      <description />
      <url-pattern>/faces/usuariost.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description />
      <role-name>adming</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- NOTE(review): FORM login sends the password in the request body, and no
       security-constraint here declares a user-data-constraint with
       transport-guarantee CONFIDENTIAL, so nothing in this file forces the
       login or the protected pages onto HTTPS. The security domain itself is
       selected by jboss-web.xml, not by realm-name. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>smsJAAS</realm-name>
    <form-login-config>
      <form-login-page>/login/login.jsp</form-login-page>
      <form-error-page>/login/login.jsp?error=true</form-error-page>
    </form-login-config>
  </login-config>

  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>

  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>

  <welcome-file-list>
    <welcome-file>faces/principal.jsp</welcome-file>
  </welcome-file-list>

  <!-- Role names declared for the application. The strings returned by the
       login module's rolesQuery have to equal these for an auth-constraint
       to be satisfied. -->
  <security-role>
    <description>Administracion de mensajes</description>
    <role-name>mensajes</role-name>
  </security-role>
  <security-role>
    <description>Administracion de suscriptores</description>
    <role-name>suscriptores</role-name>
  </security-role>
  <security-role>
    <description>Administracion de los promotores</description>
    <role-name>promotores</role-name>
  </security-role>
  <security-role>
    <description>Administracion de las categorias</description>
    <role-name>categorias</role-name>
  </security-role>
  <security-role>
    <description>Acceso al envio directo</description>
    <role-name>envio_directo</role-name>
  </security-role>
  <security-role>
    <description>Acceso a la administracion de perfiles</description>
    <role-name>perfiles</role-name>
  </security-role>
  <security-role>
    <description>Opciones de administrador general</description>
    <role-name>adming</role-name>
  </security-role>
</web-app>